TD SYNNEX Newsflash

Sophos report highlights rising non-human identity risk

Cybersecurity
By TD SYNNEX Newsflash 6th July 2026

New research highlights how non-human identities (NHIs) are fuelling identity breaches, ransomware attacks and data loss – creating growing risk for organisations and opportunity for partners.

In its latest State of Identity Security report, Sophos warns that organisations must improve how they manage non-human identities (NHIs) as AI-driven processes accelerate their adoption. Poor visibility and weak controls are increasing exposure to identity-based attacks, leading to financial loss, data theft and ransomware incidents.

Key findings from the report

  • 71% of organisations experienced at least one identity breach in the past year
  • 67% of ransomware incidents were linked to compromised identities
  • Top impacts: data theft (49%), ransomware (48%) and financial loss (47%)
  • Smaller firms are less likely to detect attacks, increasing risk exposure

Why non-human identities (NHIs) are a growing threat

Sophos report highlights rising non-human identity risk

NHIs – such as API keys, cloud tokens and AI agents – enable automated, always-on access to systems and data. However, unlike human identities, they are often poorly tracked, rarely updated and difficult to monitor.

Sophos highlights that:

  • NHIs are expanding rapidly due to agentic AI adoption
  • In some organisations, they now outnumber human identities
  • Security teams are struggling to keep pace with how quickly access is being granted

Like traditional credentials, NHIs can be stolen and exploited – yet many organisations lack the controls to manage them effectively.

Human error and weak management increase exposure

The report identifies two key drivers behind identity-related breaches:

  1. Human error, including misconfigured access and poor credential practices
  2. Inadequate NHI management, particularly around visibility, rotation and governance

Together, these gaps significantly increase the likelihood of successful attacks.

SMBs face a widening security gap

While NHIs are more prevalent in larger enterprises today, growing AI adoption means SMBs will increasingly rely on them as well.

However, detection challenges are already evident:

  • Businesses with 100–250 employees report a 19.4% failure rate in detecting attacks
  • This drops to 11.5% for organisations with 3,001–5,000 employees

For smaller organisations, the failure rate is likely higher. Many may already be compromised without knowing - leaving them vulnerable to ongoing data theft or ransomware.

Sophos describes this as a “cybersecurity poverty gap”, highlighting the urgent need for improved protection across the market.

Strengthening identity security: a partner opportunity

As identity becomes a primary attack vector, organisations need stronger monitoring, governance and protection across both human and non-human identities.

This creates a clear opportunity for partners to help customers reduce risk and strengthen their security posture. The TD SYNNEX Security Practice can support partners on all aspects of identity protection and management and on the full range of Sophos security solutions for organisations of all sizes.